Nna*_*mdi 2 php authentication laravel
我对 Laravel 真的很陌生。我很享受这个框架的每一点。我最近在身份验证/登录方面遇到了一些问题。
用户注册工作正常,但当我尝试使用注册期间创建的相同凭据登录时,该应用程序抛出此错误:
这些凭据与我们的记录不符
我还查看了数据库中的用户表,并捕获了注册表中的所有字段。我只是想知道为什么应用程序无法从数据库中检索这些。
请参阅下面我的 LoginController 代码:
namespace App\Http\Controllers\Auth;
use App\Models\User;
use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Firebase\JWT\JWT;
class LoginController extends Controller
{
/*
|--------------------------------------------------------------------------
| Login Controller
|--------------------------------------------------------------------------
|
| This controller handles authenticating users for the application and
| redirecting them to your home screen. The controller uses a trait
| to conveniently provide its functionality to your applications.
|
*/
use AuthenticatesUsers;
/**
* Where to redirect users after login.
*
* @var string
*/
protected $redirectTo = '/dashboard';
// Get your service account's email address and private key from the JSON
key file
protected $service_account_email = "abc-123@a-b-c-
123.iam.gserviceaccount.com";
protected $private_key = "-----BEGIN PRIVATE KEY-----...";
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
$this->middleware('guest')->except('logout');
$this->service_account_email = config('services.firebase.client_email');
$this->private_key = config('services.firebase.private_key');
}
/**
* Get the needed authorization credentials from the request.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
protected function credentials(Request $request)
{
$data = $request->only($this->username(), 'password');
$data['email_confirmed'] = 1;
return $data;
}
protected function authenticated(Request $request, $user)
{
$jwt = $this->create_custom_token($user,false);
session(['jwt' => $jwt]);
return redirect()->intended($this->redirectPath());
}
function create_custom_token(User $user, $is_premium_account) {
$now_seconds = time();
$payload = array(
"iss" => $this->service_account_email,
"sub" => $this->service_account_email,
"aud" => "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit",
"iat" => $now_seconds,
"exp" => $now_seconds+(60*60), // Maximum expiration time is one hour
"uid" => $user->ref_code,
"email" => $user->email,
"name" => $user->name,
"phone_number" => $user->phone_number,
"claims" => array(
"premium_account" => $is_premium_account
)
);
return JWT::encode($payload, $this->private_key, "RS256");
}
}
我怎样才能解决这个问题?
我在上面找到了解决我的问题的方法!
好的,显然,问题在于应用程序对密码进行了双重哈希处理。我从http://laravel.com/docs/5.1/authentication阅读
从它谈到尝试方法的地方:“如果找到用户,则将存储在数据库中的散列密码与通过数组传递给该方法的散列密码值进行比较。如果两个散列密码匹配,则经过身份验证的会话将被为用户启动。”
因此,即使我在表单中传递了正确的密码,尝试方法也会对从表单发送的密码调用 bcrypt。一旦它被散列,它就不再匹配计划文本密码。
因此,我没有尝试记住在 save/update/db 播种时散列我的密码,而是向 User 类添加了一个属性修改器:
public function setPasswordAttribute($password)
{
$this->attributes['password'] = bcrypt($password);
}
瞧!问题已解决
| 归档时间: |
|
| 查看次数: |
12763 次 |
| 最近记录: |